Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump marked version to ^0.3.2 #266

Merged
merged 1 commit into from
Oct 28, 2014
Merged

Bump marked version to ^0.3.2 #266

merged 1 commit into from
Oct 28, 2014

Conversation

okuryu
Copy link
Member

@okuryu okuryu commented Oct 25, 2014

It just updates marked version to ^0.3.2 since marked has security fixes.

The package.json seems to has many changes, but it actually only updates marked version by npm install --save marked@latest.

See also: https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities

It just updates marked version to ^0.3.2 since marked has security fixes.

The package.json seems to has many changes, but it actually only updates
marked version by `npm install --save marked@latest`.

See also: https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities
@yahoocla
Copy link

CLA is valid!

@okuryu okuryu merged commit 9aa3da5 into yui:master Oct 28, 2014
@okuryu okuryu deleted the bump-marked branch October 28, 2014 11:36
@okuryu okuryu self-assigned this Oct 28, 2014
@okuryu okuryu mentioned this pull request Nov 10, 2014
17 tasks
@okuryu okuryu added this to the v0.4.0 milestone Nov 28, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants